
We found results for “”
CVE-2024-41817
Date: July 29, 2024
ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The "AppImage" version "ImageMagick" might use an empty path when setting "MAGICK_CONFIGURE_PATH" and "LD_LIBRARY_PATH" environment variables while executing, which might lead to arbitrary code execution by loading malicious configuration files or shared libraries in the current working directory while executing "ImageMagick". The vulnerability is fixed in 7.11-36.
Language: C
Severity Score
Related Resources (5)
Severity Score
Weakness Type (CWE)
Uncontrolled Search Path Element
CWE-427CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | LOCAL |
Attack Complexity (AC): | HIGH |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | HIGH |